All of the changes made will be available here.

Better Auth is comprehensive authentication library for TypeScript that provides a wide range of features to make authentication easier and more secure.

DocumentationGitHubCommunity

BETTER-AUTH.

[email protected]

Patch Changes

  • Added support for listing organization members with pagination, sorting, and filtering, and improved client inference for additional organization fields. Also fixed date handling in rate limits and tokens, improved Notion OAuth user extraction, and ensured session is always set in context.
  • Added listMembers API with pagination, sorting, and filtering.
  • Added membersLimit param to getFullOrganization.
  • Improved client inference for additional fields in organization schemas.
  • Fixed date handling by casting DB values to Date objects before using date methods.
  • Fixed Notion OAuth to extract user info correctly.
  • Ensured session is set in context when reading from cookie cach

@better-auth/[email protected]

Patch Changes

  • ac6baba: chore: fix typo on freeTrial

  • c2fb1aa: Fix duplicate trials when switching plans

@better-auth/[email protected]

No changes

@better-auth/[email protected]

No changes

@better-auth/[email protected]

No changes

v1.3.3

🚀 Features

  • sso: Support disabling setting email verified from a provider – @Bekacru

🐞 Bug Fixes

  • Issue when setting rate limit storage with a different model name – @dkendrick
  • organization: List organization teams should prioritize query param team id – @Bekacru
  • sso: Include mapping inside samlConfig payload – @natetewelde
  • stripe: Revert a change where incomplete stripe session is getting updated to active on upgrade – @Bekacru
    View changes on GitHub

v1.3.2

🐞 Bug Fixes

  • Improve setting active org performance – @Kinfe123
    View changes on GitHub

v1.3.1

🐞 Bug Fixes

  • Changed the Twitter provider to use "post" authentication instead of "basic" when validating the authorization code – @dagmawibabi
  • organization:
    • Dixed organization schema inference when multiple plugins are present in the plugins array – @ping-maxwell
    • Multi teams breaking active organization id type inference – @Bekacru
    View changes on GitHub

v1.3.0

🚀 Features

  • Sveltekit cookie helper plugin – @Kinfe123
  • SSO plugin with OIDC and SAML support – @Bekacru
  • Linear social provider – @JedPattersonn
  • Add encryption for OTPs and other verification information – @ping-maxwell
  • Notion provider – @ephraimduncan
  • Add sendOnSignIn option to make sending verification link in sign in route explicit – @kmate19
  • Add inferAuth to infer plugin types and more on the client without needing client plugins – @Bekacru
  • Add rememberMe option to signUpEmail@aleclarson
  • Add slack social provider – @ephraimduncan
  • Add an option to encrypt oauth tokens by default – @Bekacru
  • OnPasswordReset callback – @Kinfe123
  • AfterEmailVerification callback – @Kinfe123
  • SIWE plugin – @rokitgg
  • admin:
    • Update user – @Bekacru
  • anonymous:
    • Update generateName to support returning a promise – @btx-systems
  • api-key:
    • Async support for verify key – @Kinfe123 @Bekacru
    • requireName to enforce name on keys – @ping-maxwell
  • docs:
    • APIMethod, documents all server & client auth examples – @ping-maxwell
  • drizzle:
    • Support camel case schema generation – @Bekacru
  • email-otp:
    • Support email verification override – @Bekacru
  • generic-oauth:
    • Add support for additional token URL params in generic OAuth – @CaoMeiYouRen
  • magic-link:
    • Support errorCallbackURL & newUserCallbackURL – @ping-maxwell
  • oidc:
    • Add refresh token support to discovery document and token endpoint – @tinkerer-shubh
    • Support JWKs with JWT plugin – @NefixEstrada
    • Add support for public clients with PKCE authentication – @pekastel
  • oidc-provider:
    • Trusted clients – @BadPirate
    • Support encrypting and hashing secrets – @Bekacru
  • organization:
    • listUserInvitations adds the ability to list all invitations for a given user – @ping-maxwell
    • AdditionalFields for org, member, invitation & team – @ping-maxwell
    • Multi-team support – @Bekacru
  • social-providers:
    • Add Faceit Social Provider – @Whats-A-MattR
    • Add Faceit Social Provider " – @Bekacru
  • sso:
    • Configurable provider limit – @Kinfe123
  • stripe:
    • Pass context obejct to stripe plugin callbacks – @Bekacru
  • username:
    • Check username availability – @ping-maxwell
    • Add custom username normalization option – @bortoz

🐞 Bug Fixes

  • Import setCookie from tanstack start core package – @asterikx
  • Exclude current user from username update checks – @kylekz
  • Correct way detect facebook limited token jwt – @reslear
  • Update Discord link to use the correct invite URL in blogs section – @vagxrth
  • Linking accounts for anon users with one tap and passkey – @Kinfe123
  • Don't require email for account linking – @arlyon
  • Add image option to signUpEmail types and schema – @acusti
  • Implement standard Base64 encoding for HTTP Basic Auth in token refresh and validation – @naimkhrof
  • Schema generation when using advanced.databse.useNumberId – @body20002
  • Mysql foreign key constraints on generate – @Kinfe123
  • Zodv4 migration leftover due to conflict – @Kinfe123
  • Sso typecheck – @Kinfe123
  • Global onSuccess callback hook not being called – @Kinfe123
  • admin:
    • Throw an error if user id in /remove-user is invalid – @ping-maxwell
    • Before create hook was not triggered when creating a user through the admin plugin – @Kinfe123
    • Pass ctx to user create db hook – @ping-maxwell
  • api-key:
    • Incorrect rate limit error status code – @ping-maxwell
    • Incorrect rate limit error status code – @ping-maxwell
    • Non-expiring API keys (with expiresAt set to null) were being deleted by mistake – @reslear
  • cli:
    • Format drizzle schema output – @Kinfe123
  • db:
    • Add varchar to postgres string mapping and normalize type comparison – @tinkerer-shubh
  • drizzle-cli:
    • Use serial as PK when useNumberId is enabled – @ismi-abbas
    • Use serial as PK when useNumberId is enabled – @ismi-abbas
  • dropbox:
    • Added support for the token access type option – @Kinfe123
  • email-otp:
    • Throw USER_NOT_FOUND when sign-up is disabled – @tinkerer-shubh
    • Throw USER_NOT_FOUND when sign-up is disabled – @tinkerer-shubh
  • expo:
    • Expo plugin should import types from the types path – @Kinfe123
  • generic-oauth:
    • Error callback should avoid malformed URLs when the original URL already has query parameters – @Lqm1
  • jwt:
    • Allow to generate JWKS with other algorithm than the default one – @LightTab2
  • mcp:
    • Issue with hardcoded baseURL in withMcpAuth – @lazakrisz
  • mongodb:
    • Honor custom generateId in create – @tinkerer-shubh
  • next-cookies:
    • Don't throw in monorepo workspaces – @ping-maxwell
  • oauth:
    • Google prompt doesn't allow +@ping-maxwell
    • Extended oauth2 tokens with refresh_token_expires_in field – @0xCodeMaieutics
  • oidc-provider:
    • Relax offline_access scope validation by removing prompt=consent requirement – @tinkerer-shubh
  • open-api:
    • Include additional fields – @Kinfe123
  • organization:
    • List-teams endpoint returns unknown@ping-maxwell
    • Allow org owner to update their own roles – @frectonz
  • origin-check:
    • Support protocol-specific wildcard trusted origins – @nascode
  • phone-number:
    • Verification value should be removed after successful password reset – @Bekacru
  • social-providers:
    • Twitch provider not returning if email is valid – @Pantotone
  • sso:
    • Saml redirection – @Kinfe123
  • stripe:
    • Allow upgrading incomplete subscriptions – @Kinfe123
    • Prevent duplicate customers – @dagmawibabi
  • two-factor:
    • Incorrect default OTP period & fix incorrect docs – @ping-maxwell
    • Incorrect default OTP period & fix incorrect docs – @ping-maxwell
    • Getting totp uri shouldn't require twoFactor enabled – @occorune
    • Otp separator mismatch – @Kinfe123
    • Use twoFactorEnabled flag instead of database lookup for OTP validation – @bairdj
  • username:
    • Add callbackURL option to signInUsername@aleclarson
    View changes on GitHub

v1.2.12

🐞 Bug Fixes

  • account:
    • Add placeholder URL for type inference in linkSocialAccount response – @Bekacru
  • create-adapter:
    • getModelName should apply plural to custom model names – @ping-maxwell
    • TransformWhere should account for customTransformInput – @ping-maxwell
    • Doesn't work with mongoAdapter – @ping-maxwell
  • email-otp:
    • Doesn't call onEmailVerification – @ping-maxwell
    View changes on GitHub

v1.2.11

🐞 Bug Fixes

  • api-key: Update should only use by ID – @Kinfe123
  • sveltekit: Only dynamic import $app/environment once – @tehnrd
  • user-card: Refactor email verification button and update trusted origins – @Bekacru
  • username: Log the correct username – @bortoz
    View changes on GitHub

v1.2.10

🚀 Features

  • Allow passing id in DB hook create@ping-maxwell
  • Link account with idToken – @reslear
  • Add Hugging Face provider – @coyotte508
  • cli: Allow cli to use custom adapter createSchema if implemented – @taivo
  • organization: MaximumMembersPerTeam support – @ping-maxwell

🐞 Bug Fixes

  • Support "ne" (not equal) filter in Prisma adapter – @matteovava
  • Propagate a secondary storage updates on updated user – @Kinfe123
  • Incremental scopes for Microsoft and return all granted scopes for Google – @jafri
  • Remove active organization when member isn't found – @Bekacru
  • DeleteUser check session freshAge using ms instead of sec – @etler
  • Always use custom errorURL when available – @ErikPetersenDev
  • Duplicate oauth registration – @Bekacru
  • Expose-headers override in bearer plugin when setting set-auth-token@Kinfe123
  • Delete user should respect freshAge config – @Bekacru
  • Use correct refresh token endpoint for github – @artemoire
  • OnLinkAccount trigger on phone number verification – @Kinfe123
  • Expose headers override in jwt plugin – @Kinfe123
  • email-otp: Auto-verify on email otp reset – @Kinfe123
  • email-verification: Improve email verification logic to check session and user email consistency – @Bekacru
  • expo: Remove duplicated trusted origins – @Bekacru
  • get-session: Missing null type on /get-session when throw:true is set – @ping-maxwell
  • oauth-proxy: Resolve current URL with precedence – @juliusmarminge
  • organization: Organization with no members error – @seanlucakrueger
  • twitter: Update email verification logic in profile mapping – @Xirynx
    View changes on GitHub

v1.2.9

🚀 Features

  • Support bun sqlite by default – @Bekacru
  • MCP plugin – @Bekacru
  • New user delete flow – @BlankParticle
  • Add account info endpoint – @BlankParticle @Bekacru
  • Add promise support for custom user info claims – @zackify
  • Add getCookieCache helper and update session handling – @Bekacru
  • Support passing error callback url for account linking – @Bekacru
  • Support stripe seat upgrade – @Bekacru
  • customPaths: Provide an option to modify and map api paths – @CrutchTheClutch
  • passkey: AAGUID field support – @s3f5

🐞 Bug Fixes

  • Use dynamic list of social providers to allow generic oauth – @BlankParticle
  • Make sure updatedAt is updated on session refresh – @Kinfe123
  • Improve the callbackURL parameter for social, oauth, SSO – @gee1k
  • Plugin init context should carry modified context from other plugins – @Bekacru
  • Avoid refreshing tokens if the provider doesn't return refresh tokens – @stephenjason89
  • Init snapshot – @ping-maxwell
  • Prisma schema not required on dev/bun – @Kinfe123
  • SSR handling in useAuthQuery to prevent hydration issues – @yerzham
  • Encoded callbackURL – @Kinfe123
  • Allow contains filter for users in admin – @Kinfe123
  • Microsoft entra token refresh scope – @CarbonNeuron
  • Demo build & upgrades – @Kinfe123
  • Docs sidebar height – @Kinfe123
  • Default value on generate – @Kinfe123
  • Construct valid URL from VERCEL_URL env – @juliusmarminge
  • Add prompt option on github – @Kinfe123
  • Remove empty migration with semi colon – @Kinfe123
  • Rename forgetPassword APIs to requestPasswordReset@Bekacru
  • Lookup keys without the priceId – @Kinfe123
  • Oauth proxy between http and https – @juliusmarminge
  • X:
    • Used x.com domain for all twitter provider urls – @armannaj
  • admin:
    • Respect cookie prefix for impersonate admin cookies – @Bekacru
  • api-key:
    • Rate limits not working – @ntgussoni
  • apple:
    • Correctly map email verification status from profile – @gee1k
    • Response type should be set to idToken code to get full user profile data – @Bekacru
  • cli:
    • Missing dependency @babel/core – @NormalGaussian
  • demo:
    • Avoid page refresh on session termination – @Kinfe123
  • magic-link:
    • URI-encode magic link callbackURL – @philipp-lampert
  • mongo-adapter:
    • Fix incorrect transformation of findOneAndX outputs – @matt-shipman
  • oidc-provider:
    • Consent should be able to be accepted if state is empty – @zackify
    • Authorize post-auth flow – @BadPirate
  • prisma:
    • "eq" invalid argument OR clause – @Konixy
  • stripe:
    • Inconsistency preventing subscription upgrades – @rgodha24
    • Use the stripeSubscriptionId from the fetched subscription instead of the one from the request – @TheYoxy
    View changes on GitHub